System and method for general data protection regulation (GDPR) compliant hashing in blockchain ledgers

ABSTRACT

A computer implemented system and method for providing general data protection regulation (GDPR) compliant hashing in blockchain ledgers. The invention guarantees a user&#39;s right to be forgotten, in compliance with the GDPR regulations, utilizing blockchain technologies.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to currently pending U.S. patentapplication Ser. No. 16/737,216, filed on Jan. 8, 2020 and entitled,“System and Method for General Data Protection Regulation (GDPR)Compliant Hashing in Blockchain Ledgers”, which claims prior to U.S.Provisional Patent Application No. 62/925,546, filed on Oct. 24, 2019and entitled, “System and Method for General Data Protection Regulation(GDPR) Compliant Hashing in Blockchain Ledgers”, the entirety of whichare both incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to computer architectures and methods thatautomatically comply with data security regulations using immutableaudit ledgers, such as blockchains. In particular, the inventionprovides a computer system and method that effectively complies withdata processing regulations, including, but not limited to, the EuropeanUnion's General Data Protection Regulation (GDPR).

BACKGROUND OF THE INVENTION

In accordance with GDPR, Personal Identifiable Information (PII), suchas an individual's name, phone number, address, etc. are protected bylaw and these laws often include the so-called “right to be forgotten”.In most of the current blockchain technologies, one cannot deleteinformation from a blockchain ledger because it is tamper-proof.However, in certain geographical regions having GDPR laws, the inabilityto delete PII stored in a blockchain ledger may lead to a violation ofthese data privacy laws, and in particular, a violation of the right tobe forgotten.

In general, personally identifiable information (PII) is any data thatcan be used to identify a specific individual. Social Security numbers,mailing or email address, and phone numbers have most commonly beenconsidered PII. However, PII may also include an IP address, login IDs,social media posts, or digital images. Geolocation, biometric, andbehavioral data can also be classified as PII.

A common mitigating solution to complying with GDPR laws is to store a)hash value, rather than the actual personal data (message), in theblockchain ledger, which makes it difficult to reconstruct the originalpersonal data, especially if the message is padded prior to hashing.However, storing only the hash values of the personal data may not beenough, because it is still possible to draw conclusions on the personaldata based upon the stored hash value and as such the personal data isnot considered to have been deleted from the blockchain ledger. Forexample, knowing the hash function used for a given message m, it ispossible for one to exhaust, by brute force, the padding space and seewhich hash values v are obtained in this way because, if a given hash vis not obtained then it can be concluded that m was not the message. Forexample, a hash value may be mapped to data of any size and togetherwith cryptographic functionality can be used to confirm a datafingerprint (SHA-1, SHA-256. MD-5 etc.). While prior art methods areknown which utilize a Merkle Tree function to generate the hash value,the resulting “hash” is still a data point and therefore can bechallenged with GDPR compliance. As such, in order to be GDPR compliant,a hash value must not be attributed to the PII and must be proven assuch.

Additionally, assuming that personal identifiable information (PII) isencrypted rather than hashed before it is written to a blockchain,destroying the cryptographic key renders the stored data unreadable.However, again it is still possible to draw conclusions based on theencrypted message by exhausting the cryptographic keys. As a result, onecould launch a challenge against an enterprise employing blockchaintechnology as to whether or not the enterprise is in compliance withGDPR.

Accordingly, there is a strong but, heretofore, unresolved need in theart for a system and method for ensuring GDPR compliance by enterprisesthat utilize blockchain technology.

SUMMARY OF THE INVENTION

In various embodiments, the present invention provides a system andmethod employing a new family of hash functions, rather than a singlefunction, that obviates instantiation of data between source anddestination that results in a new hash value which does not includeinformation on the original data.

In one embodiment, the present invention provides a computer implementedmethod for providing general data protection regulation (GDPR) complianthashing in blockchain ledgers. The method includes, receiving a firstmessage from a user at a blockchain gateway device, wherein the firstmessage comprises personal identification information (PII) andperforming, at the blockchain gateway device, a first hashing functionon the first message to obtain a hash value of the first message. Themethod further includes, storing the hash value of the first message ina blockchain ledger, storing the first hashing function in an off-chaindatabase and storing the first message in the off-chain database.

When a user of the blockchain desires to be forgotten, the methodfurther includes, receiving a request to delete the first message,arbitrarily selecting a second message that is different than the firstmessage and calculating a second hashing function using the secondmessage, wherein the second hashing function results in the same hashvalue. The method further includes, replacing the first message in theoff-chain database with the second message and replacing the firsthashing function in the off-chain database with the second hashingfunction.

In an additional embodiment, the present invention provides a blockchaingateway device for providing general data protection regulation (GDPR)compliant hashing in blockchain ledgers. The blockchain gateway deviceincludes, a processor and one or more memory devices storingcomputer-executable instructions that, when executed with the processor,cause the system to at least, receive a first message from a user,wherein the first message comprises personal identification information(PII) and perform a first hashing function on the first message toobtain a hash value of the first message. The device is furtherconfigured to store the hash value of the first message in a blockchainledger, store the first hashing function in an off-chain database andstore the first message in the off-chain database. The blockchaingateway device is further configured to receive a request to delete thefirst message, arbitrarily select a second message that is differentthan the first message, calculate a second hashing function using thesecond message, wherein the second hashing function results in the samehash value, replace the first message in the off-chain database with thesecond message and replace the first hashing function in the off-chaindatabase with the second hashing function.

In an additional embodiment, the present invention provides one or morenon-transitory computer-readable media having computer-executableinstructions for performing a method of running a software program on acomputing device for providing general data protection regulation (GDPR)compliant hashing in blockchain ledgers.

In the present invention, the personal identification information (PII)of the user may include one or more of, social security numbers, mailingaddresses, email addresses, phone numbers, IP addresses, login IDs,social media posts, digital images, geolocation data, biometric data,and behavioral data.

Accordingly, in various embodiments, the present invention provides asystem and method for ensuring GDPR compliance by enterprises thatutilize blockchain technology.

BRIEF DESCRIPTION OF THE DRAWINGS

For a fuller understanding of the invention, reference should be made tothe following detailed disclosure, taken in connection with theaccompanying drawings, in which:

FIG. 1 is a block diagram schematically a GDPR-Blockchain compliantarchitecture, in accordance with an embodiment of the present invention.

FIG. 2 is swim diagram illustrating a method for providing GDPRblockchain hashing compliance, in accordance with an embodiment of thepresent invention.

FIG. 3 is a flow diagram illustrating a method for providing GDPRblockchain compliance, in accordance with an embodiment of the presentinvention.

FIG. 4 is a block diagram illustrating the components of a GDPRblockchain gateway device, in accordance with an embodiment of thepresent invention.

DETAILED DESCRIPTION OF THE INVENTION

With reference to FIG. 1, the present invention provides aGDPR-Blockchain Compliant Architecture 100 comprising a blockchain ordistributed ledger technology (DLT) 110 and one or more off-chaindatabases 150. User data under GDPR directive 105, such as PII 112,which may include email addresses, social security number, social mediaposts, etc., are provided by the user. Hashed data pointers 130 aregenerated for the GDPR sensitive data, which are then stored in theblockchain ledger 110. Hashed data pointers 130 for public keys 120 andother data 125 may additionally be stored in the blockchain ledger 110.Hashed data pointers 132 from data, other than the user's data 105, suchas other non-GDPR sensitive data 134, may additionally be stored in theblockchain ledger 110. Both off-chain 140 and on-chain databases 135 maybe used to store the hashed values 132 for the data other than the GDPRsensitive data.

In the present invention, in order to comply with the GDPR “right to beforgotten”, the GDPR-Blockchain Compliant architecture 100 furtherincludes an off-chain or cloud database for the GDPR sensitive data 150.The use of the off-chain database 150 for the storage of the hashedvalues of the GDPR sensitive data 130 in accordance with the presentinvention to ensure GDPR compliance is described in further detailbelow.

The present invention provides a system and method employing a newfamily of hash functions that obviates instantiation of data betweensource and destination by structuring a proof algorithm that results ina new GDPR-PII Hash value “X-Proved”. The resulting hash value does notinclude information on the original data.

In the present intention, a new value of “X-Proved GDPR Compliant”message is generated where “hash” is outside the data block itself andis triggered by an event of “z” to prove GDPR compliance. The use ofhashing functions are foundational to the inventive method, but only inthe development of a new value of “X-Proved GDPR Compliant” messagewhich could be posted to the blockchain, wherein the resulting value isno longer related to the original data value, thereby complying withGDPR regulations.

In various embodiments, the present invention provides a system andmethod for referencing personal data in a blockchain ledger withoutbeing able to draw conclusions on the data itself. The inventive conceptis achieved by applying a family of hash functions h_s to the message msuch that for any given hash value v and message m there is a functionh_s in the family which, when applied to m gives exactly the value v.

In one embodiment, in a first step of the present invention, message mis hashed to the value v=h_s(m) and v is stored in the blockchain ledgerand s and m are stored outside the blockchain ledger (off-chain). In anext step, if m needs to be deleted upon request, then an arbitrarypseudonym m′ is selected to calculate a new s′ to obtain the same hashv=s′m′. At a next step, m and s are deleted from the off-chain databaseand replaced with m′, s′, thereby resulting in a proper anonymizationwhile still providing the correct reference.

In another embodiment, the method may begin when an enterprise orservice provider triggers the GDPR proof of compliance process. Inresponse to the trigger, the method proceeds to iterate pre-hash proofstates as part of the hash process, wherein a value of t can be insertedfor time=milliseconds. When the hash process has completed, GDPR-HashValue “X-Proved GDPR Compliant Message”, wherein X can be an arbitrarynumerical value, can be generated. This value-proof can then besequentially timestamped based on t and posted on a public blockchainledger. Exemplary embodiments for generating the “X-Proved GDPRCompliant Message” are described in the following paragraphs.

In an exemplary embodiment for calculating a new s′ to obtain the samehash, multiplication in a finite field K may be performed. Herein, letm, v and s be simply represented by elements of the field K. The mappingh_s: K--->K is given by m is mapped to v=ms. If v, m is given, s=v/mresults.

In a specific embodiment, the method of the present invention mayinclude:

-   -   1. Select a prime number p and a primitive root g mod p. Both        can be made public.    -   2. Let the privacy information (message) be represented by a        residue m mod p and freely select another residue s mod p. Both,        the residues of m and s are stored outside of the blockchain        ledger (off-chain). The blockchain ledger just stores the        residue v≡ms mod p.    -   3. If a request is received to delete the residue of m (outside        the ledger), an arbitrary new substitute m_(new) mod p is chosen        and s_(new):≡vm_(new) mod p is calculated and m outside the        ledger is replaced by m_(new) and s by s_(new). Then,        m_(new)·s_(new)≡ms=v mod p, and m, s are then deleted from the        off-chain database.

In a specific exemplary embodiment of the above described method of thepresent invention:

-   -   1. Assuming, p=29 and g=10.    -   2. Let the privacy information be represented by m≡13≡10²        mod 29. Then s is arbitrarily chosen to be s≡24≡10⁴ mod 29 and        ms≡g⁶≡22 mod 29 is stored in the blockchain ledger.    -   3. When removal of data is requested, m≡13 is replaced by an        arbitrary value m_(new), say m_(new)≡17, then s_(new)≡vm_(new)        ⁻¹=g²⁷=3 mod 29 is calculated and 13, 24 are deleted from the        off-chain database and replaced by 17, 3.

FIG. 2 illustrates a swim diagram of an exemplary process 200 forproviding GDPR blockchain hashing compliance, in accordance with anembodiment of the present invention. For example, the process 200 can beimplemented using a blockchain gateway device 210, controlled by a user205, to store messages and hashing functions in an off-chain database215 and to store hashed values in a blockchain ledger 220. The process200 provides GDPR compliance when queried by a data controller 225.

In operation, a user 205 of the GDPR compliant blockchain system 200provides a first message including personal identity information (PII)to a blockchain gateway 210. The blockchain gateway 210 then generates ahash value of the first message using a first hashing function 235 andthen stores the hash value in the off-chain database 215. The hash valueis also stored 245 in the blockchain ledger 220. The user 205 may beproviding their PII to a data controller 225 to be used for verificationof the user's identity, however no PII is stored in the blockchainledger 220.

In order to comply with GDPR requirements, “The Right to Be Forgotten”must be adhered to by the blockchain gateway 210, wherein the blockchaingateway 210 must guarantee that the stored hash value cannot toattributed to user data. As such, when the blockchain gateway 220receives a request to delete the first message, the blockchain gateway220 arbitrarily selects a second message that is different than thefirst message 255. The blockchain gateway 220 then calculates a secondhashing function using the second message that results in the same hashvalue 260. The blockchain gateway then replaces the first message withthe second message and replaces the first hashing function with thesecond hashing function 265 in the off-chain database 215. In response,an X-proved GDPR compliant hash value of the message is generated 270 bythe blockchain gateway 210, which is then stored 275 in the blockchainledger 220. When the data controller 225 checks for GDPR compliance 280with the execution of the right to be forgotten requested by the user205, the X-proved GDPR compliant message 275 is provided to the datacontroller 225, thereby verifying GDPR compliant anonymization whilestill referencing the same hash value.

FIG. 3 illustrates a computer implemented method 300 for providinggeneral data protection regulation (GDPR) compliant hashing inblockchain ledgers in accordance with the present invention. Step 305includes, performing a hashing function on a first message to obtain ahash value of the first message. At step 310, the hash value is storedin the blockchain ledger and at step 315, the first hashing function andthe first message are stored in the off-chain database. At step 320,upon receiving a request to delete the first message from the blockchainledger, the method continues at step 325 by arbitrarily selecting asecond message. At step 330, the method continues by calculating asecond hashing function using the second message, wherein the secondhashing function results in the same hash value. At step 335 the firstmessage in the off-chain database is replaced by the second message andthe first hashing function in the off-chain database is replaced by thesecond hashing function, thereby providing GDPR compliant anonymizationwhile still referencing the same hash value.

As such, in various embodiments, the present invention provides a systema method for automatically ensuring GDPR compliance when utilizingblockchain technology. While the inventive concept has been describedbased upon GDPR compliance, this is not intended to be limiting andcompliance with various other data regulations are within the scope ofthe present invention.

FIG. 4 is a block diagram 400 illustrating the components of anexemplary blockchain gateway device, in accordance with the presentinvention. As shown in FIG. 4, the blockchain gateway device includes aprocessor 420 and one or more memory devices 430 storingcomputer-executable instructions that, when executed with the processor,cause the system to at least, receive a first message from a user,wherein the first message comprises personal identification information(PII) and perform a first hashing function on the first message toobtain a hash value of the first message. The processor 420 is furtherconfigured to store the hash value of the first message in a blockchainledger, store the first hashing function in an off-chain database andstore the first message in the off-chain database. The processor 420 isfurther configured to receive a request to be forgotten from the user,arbitrarily select a second message that is different than the firstmessage, calculate a second hashing function using the second message,wherein the second hashing function results in the same hash value,replace the first message in the off-chain database with the secondmessage, replace the first hashing function in the off-chain databasewith the second hashing function and store a GDPR compliant hash valueof the message in the blockchain ledger.

In some implementations, a blockchain gateway device 400 forimplementing the GDPR-blockchain compliant architecture shown in FIG. 1,may include one or more the components of the blockchain gateway device400. As shown in FIG. 4, the blockchain gateway device 400 may include abus 410, a processor 420, a memory 430, a storage component 440, aninput component 450, an output component 460, and a communicationinterface 470.

Bus 410 may include circuitry that permits communication among thecomponents of the blockchain gateway device 400. Processor 420 may beimplemented in hardware, firmware, or a combination of hardware andsoftware. Processor 420 may be a central processing unit (CPU), agraphics processing unit (GPU), an accelerated processing unit (APU), amicroprocessor, a microcontroller, a digital signal processor (DSP), afield-programmable gate array (FPGA), an application-specific integratedcircuit (ASIC), or another type of processing component. In someimplementations, processor 420 includes one or more processors capableof being programmed to perform a function. Memory 430 may include arandom-access memory (RAM), a read only memory (ROM), and/or anothertype of dynamic or static storage device (e.g., a flash memory, amagnetic memory, and/or an optical memory) that stores informationand/or instructions for use by processor 420.

Storage component 440 may be configured for storing information and/orsoftware related to the operation and use of the blockchain gatewaydevice 400. For example, storage component 440 may include a hard disk(e.g., a magnetic disk, an optical disk, a magneto-optic disk, and/or asolid state disk), a compact disc (CD), a digital versatile disc (DVD),a floppy disk, a cartridge, a magnetic tape, and/or another type ofnon-transitory computer-readable medium, along with a correspondingdrive.

Input component 450 may include circuitry that allows the blockchaingateway device 400 to receive information, such as via user input, suchas, a touch screen display, a keyboard, a keypad, a mouse, a button, aswitch, and/or a microphone. Output component 460 may include acomponent that provides output information from the blockchain gatewaydevice 400, such as a display or a speaker.

Communication interface 470 may include a transceiver circuitry thatallows the blockchain gateway device 400 to communicate with otherdevices, such as via a wired connection, a wireless connection, or acombination of wired and wireless connections. Communication interface470 may allow device 400 to receive information from another deviceand/or provide information to another device. For example, communicationinterface 470 may include an Ethernet interface, an optical interface, acoaxial interface, an infrared interface, a radio frequency (RF)interface, a universal serial bus (USB) interface, a Wi-Fi interface, acellular network interface, and/or the like.

The blockchain gateway device 400 may perform one or more processesdescribed herein. The blockchain gateway device 400 may perform theseprocesses based on the processor 420 executing software instructionsstored by a non-transitory computer-readable medium, such as a memory430 and/or storage component 440.

The specific arrangement of components shown in FIG. 4 are provided asan exemplary embodiment. In practice, the blockchain gateway device 400may include additional components, fewer components, differentcomponents, or differently arranged components than those illustrated inFIG. 4.

The present invention may be embodied on various computing platformsthat perform actions responsive to software-based instructions and mostparticularly on touchscreen portable devices. The following provides anantecedent basis for the information technology that may be utilized toenable the invention.

The computer readable medium described in the claims below may be acomputer readable signal medium or a computer readable storage medium. Acomputer readable storage medium may be, for example, but not limitedto, an electronic, magnetic, optical, electromagnetic, infrared, orsemiconductor system, apparatus, or device, or any suitable combinationof the foregoing. More specific examples (a non-exhaustive list) of thecomputer readable storage medium would include the following: anelectrical connection having one or more wires, a portable computerdiskette, a hard disk, a random access memory (RAM), a read-only memory(ROM), an erasable programmable read-only memory (EPROM or Flashmemory), an optical fiber, a portable compact disc read-only memory(CD-ROM), an optical storage device, a magnetic storage device, or anysuitable combination of the foregoing. In the context of this document,a computer readable storage medium may be any non-transitory, tangiblemedium that can contain, or store a program for use by or in connectionwith an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device. However, asindicated above, due to circuit statutory subject matter restrictions,claims to this invention as a software product are those embodied in anon-transitory software medium such as a computer hard drive, flash-RAM,optical disk or the like.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wire-line, optical fiber cable, radio frequency, etc., or any suitablecombination of the foregoing. Computer program code for carrying outoperations for aspects of the present invention may be written in anycombination of one or more programming languages, including anobject-oriented programming language such as Java, C#, C++, Visual Basicor the like and conventional procedural programming languages, such asthe “C” programming language or similar programming languages.

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

While methods, apparatuses, and systems have been described inconnection with exemplary embodiments of the various figures, it is tobe understood that other similar embodiments can be used ormodifications and additions can be made to the described embodiments forperforming the same function without deviating therefrom. Therefore, theinvention should not be limited to any single embodiment, but rathershould be construed in breadth and scope in accordance with the appendedclaims.

What is claimed is:
 1. A computer implemented method for providinggeneral data protection regulation (GDPR) compliant hashing inblockchain ledgers, the method comprising: receiving a first messagefrom a user at a blockchain gateway device, wherein the first messagecomprises personal identification information (PII); performing, at theblockchain gateway device, a first hashing function on the first messageto obtain a hash value of the first message; storing the hash value ofthe first message in a blockchain ledger; storing the first hashingfunction in an off-chain database; storing the first message in theoff-chain databases receiving, at the blockchain gateway device, arequest to delete the first message; arbitrarily selecting a secondmessage that is different than the first message; calculating a secondhashing function using the second message, wherein the second hashingfunction results in the same hash value; replacing the first message inthe off-chain database with the second message; replacing the firsthashing function in the off-chain database with the second hashingfunction; and storing a GDPR compliant hash value of the message in theblockchain ledger.
 2. The method of claim 1, wherein the personalidentification information (PII) of the user is selected from socialsecurity numbers, mailing addresses, email addresses, phone numbers, IPaddresses, login IDs, social media posts, digital images, geolocationdata, biometric data, and behavioral data.
 3. The method of claim 1,further comprising: requesting, by a data controller, a GDPR proof ofcompliance to the blockchain gateway device; and providing the GDPRcompliant message to the data controller in response to the request. 4.The method of claim 1, wherein the GDPR compliant message comprises atimestamp.
 5. The method of claim 1, wherein the first hashing functionand the second hashing function comprise a selected prime number.
 6. Themethod of claim 1, wherein performing, at the blockchain gateway device,a first hashing function on the first message to obtain a hash value ofthe first message further comprises: selecting a prime number p and aprimitive root g mod p; letting the first message be represented by afirst residue m mod p; selecting a first hashing function as a secondresidue s mod p; and wherein storing the first message in the off-chaindatabase comprises storing the first residue m mod p, storing the firsthashing function in the off-chain database comprises storing the secondresidue s mod p, and storing the hash value of the first message in theblockchain ledger comprises storing the third residue v≡ms mod p.
 7. Themethod of claim 6, further comprising: wherein receiving the request todelete the first message comprises a request to delete the first residueof m; wherein arbitrarily selecting a second message that is differentthan the first message further comprises selecting m_(new) mod p;wherein calculating a second hashing function using the second message,wherein the second hashing function results in the same hash valuefurther comprises calculating s_(new)≡vm_(new) ⁻¹ mod p; and whereinreplacing the first message in the off-chain database with the secondmessage further comprises replacing m in the off-chain database withm_(new); wherein replacing the first hashing function in the off-chaindatabase with the second hashing function further comprises replacing swith s_(new).
 8. The method of claim 6, wherein the prime number p andthe primitive root g mod p can both be made public.
 9. A blockchaingateway device for providing general data protection regulation (GDPR)compliant hashing in blockchain ledgers, the system comprising: aprocessor; and one or more memory devices storing computer-executableinstructions that, when executed with the processor, cause the system toat least: receive a first message from a user, wherein the first messagecomprises personal identification information (PII); perform a firsthashing function on the first message to obtain a hash value of thefirst message; store the hash value of the first message in a blockchainledger; store the first hashing function in an off-chain database; storethe first message in the off-chain database; receive a request to deletethe first message; arbitrarily select a second message that is differentthan the first message; calculate a second hashing function using thesecond message, wherein the second hashing function results in the samehash value; replace the first message in the off-chain database with thesecond message; replace the first hashing function in the off-chaindatabase with the second hashing function; and store a GDPR complianthash value of the message in the blockchain ledger.
 10. The system ofclaim 9, wherein the personal identification information (PII) of theuser is selected from social security numbers, mailing addresses, emailaddresses, phone numbers, IP addresses, login IDs, social media posts,digital images, geolocation data, biometric data, and behavioral data.11. The system of claim 9, wherein the one or more memory devicesstoring computer-executable instructions that, when executed with theprocessor, cause the system to further: receive a request from a datacontroller for GDPR proof of compliance; and provide the GDPR compliantmessage to the data controller in response to the request.
 12. Thesystem of claim 9, wherein the GDPR compliant message comprises atimestamp.
 13. The system of claim 9, wherein the first hashing functionand the second hashing function comprise a selected prime number. 14.The system of claim 9, wherein the one or more memory devices storingcomputer-executable instructions that, when executed with the processor,cause the system to further perform a first hashing function on thefirst message to obtain a hash value of the first message furthercomprises computer-executable instructions to: select a prime number pand a primitive root g mod p; let the first message be represented by afirst residue m mod p; select the first hashing function as a secondresidue s mod p; and store the first residue m mod p as the firstmessage; store second residue s mod p as the first hashing function; andstore third residue v≡ms mod p as the hash value.
 15. The system ofclaim 14, wherein the one or more memory devices storingcomputer-executable instructions that, when executed with the processor,further comprises computer-executable instructions to: receive a requestto delete the first residue of m; select a second message that isdifferent than the first message as m_(new) mod p; calculate a secondhashing function using the second message, wherein the second hashingfunction results in the same hash value, as s_(new)≡vm_(new) ⁻¹ mod p;and replace the first message in the off-chain database with the secondmessage by replacing m in the off-chain database with m_(new); replacethe first hashing function in the off-chain database with the secondhashing function by replacing s with s_(new).
 16. The system of claim14, wherein the prime number p and the primitive root g mod p can bothbe made public.
 17. One or more non-transitory computer-readable mediahaving computer-executable instructions for performing a method ofrunning a software program on a computing device for providing generaldata protection regulation (GDPR) compliant hashing in blockchainledgers, the method comprising, the computing device operating under anoperating system, the method including issuing instructions from thesoftware program comprising: receiving a first message from a user at ablockchain gateway device, wherein the first message comprises personalidentification information (PII); performing, at the blockchain gatewaydevice, a first hashing function on the first message to obtain a hashvalue of the first message; storing the hash value of the first messagein a blockchain ledger; storing the first hashing function in anoff-chain database; storing the first message in the off-chain databasereceiving, at the blockchain gateway device, a request to delete thefirst message; arbitrarily selecting a second message that is differentthan the first message; calculating a second hashing function using thesecond message, wherein the second hashing function results in the samehash value; replacing the first message in the off-chain database withthe second message; replacing the first hashing function in theoff-chain database with the second hashing function; and storing a GDPRcompliant hash value of the message in the blockchain ledger.